PT-2023-13894 · Siretta · Siretta Quartz-Gold
Francesco Benvenuto · Published 2023-01-26 · Updated 2023-02-02 · CVE-2022-40701
CVSS v3.1: 8.1 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020
Description
A directory traversal issue exists in the httpd delfile.cgi functionality, allowing an attacker to send a specially-crafted HTTP request to delete arbitrary files.
Recommendations
For version G5.0.1.5-210720-141020, consider restricting access to the delfile.cgi functionality until a fix is available. As a temporary workaround, avoid using the httpd delfile.cgi functionality to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Siretta Quartz-Gold